大砲開講

國立政治大學外交學系中文首頁又被植入惡意連結。請各位暫時不要瀏覽這個網站，以免中毒，等確認他們已經修復後，會在此更新訊息 (此惡意程式會偷帳號與密碼)。

**請幫忙通知他們，謝謝**



惡意連結是放置在中文的首頁中：



惡意程式的一部分為：



執行之後，有下面的行為：

[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\yt.vbs
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\update[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\update[1].htm
C:\Program Files\Common Files\search.dll
C:\qing.exe
C:\WINDOWS\system32\winCreate.exe

[Added COM/BHO]
{6F4747B0-4094-4200-A251-866989504B17}-C:\Program Files\Common Files\search.dll

到目前為止，下面的防毒軟體可以偵測到這些惡意檔案：

qing.exe:
[ Trend ], "TROJ_NSANTI.BD"
update[1].exe:
[ Trend ], "TROJ_NSANTI.BD"
winCreate.exe:
[ Trend ], "TROJ_NSANTI.BD"
search.dll:
[ Alpha_Gen ], "Possible_MLWR-1"
[ Beta_Gen ], "Possible_MLWR-1"
[ Microsoft ], "VirTool:Win32/Obfuscator.A"
[ Kaspersky ], "Trojan-PSW.Win32.Nilage.acn"
[ McAfee ], "PWS-Lineage.dll"
[ Sophos ], "Mal/Lineag-A"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/Crypt.NSAnti.Gen"
[ Ahnlab ], "infected by Win32/NSAnti.suspicious"
[ Fprot ], "Infection: Possibly a new variant of W32/PWStealer.gen1"